CyberSecurity Updates

13 Jul

ESET Research Podcast: Finding the mythical BlackLotus bootkit

Information

A story of how an analysis of a supposed game cheat turned into the discovery of a powerful UEFI threat Towards the end of 2022 an unknown threat actor boasted on an underground forum that they’d created a new and powerful UEFI bootkit called BlackLotus. Its most distinctive feature? It could bypass UEFI Secure Boot – a feature built into all modern computers to prevent them from running unauthorized software. What at first sounded like…

Read More
13 Jul

The danger within: 5 steps you can take to combat insider threats

Information

Some threats may be closer than you think. Are security risks that originate from your own trusted employees on your radar? It all began innocently enough when a Tesla employee received an invitation from a former associate to catch up over drinks. Several wining and dining sessions later, the old acquaintance made his real intentions clear: he offered the Tesla employee $1 million for smuggling malware into the automaker’s computer network in a a scheme…

Read More
13 Jul

Microsoft patches four zero-days, finally takes action against crimeware kernel drivers

Information

by Paul Ducklin This Tuesday, 2023-07-11, was Microsoft’s Patch Tuesday for July 2023, so here’s a brief reminder to do two things: Patch early, patch often. More than 100 vulnerabilities were patched this month, including four zero-day security holes for which working exploit code already exists. Even though everyone was at risk until Tuesday, it’s important not to be one of those people who remains at risk longer than necessary. When defenders close off holes…

Read More
13 Jul

Juniper Networks Patches High-Severity Vulnerabilities in Junos OS

Information, News

Networking appliances maker Juniper Networks on Wednesday announced software updates that patch multiple high-severity vulnerabilities in Junos OS, Junos OS Evolved, and Junos Space. The company published 17 advisories detailing roughly a dozen Junos OS-specific security defects, and nearly three times as many issues in third-party components used in its products. Of the new advisories, three describe high-severity vulnerabilities in Junos OS and Junos OS Evolved that could lead to denial-of-service (DoS). The flaws impact…

Read More
13 Jul

Cisco Releases Security Update for SD-WAN vManage API

Attacks, Insights, Malware

Cisco has released a security update to address a critical vulnerability affecting SD-WAN vManage API. A remote attacker can exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Cisco security release Cisco SD-WAN vManage Unauthenticated REST API Access Vulnerability and apply the necessary updates.

Read More
13 Jul

CISA Adds Two Known Vulnerabilities to Catalog

Attacks, Insights, Malware

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-37450 Apple Multiple Products WebKit Code Execution Vulnerability CVE-2022-29303 SolarView Compact Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Note: To view other newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column—which will sort by descending…

Read More
12 Jul

ESET Threat Report H1 2023

Information

A view of the H1 2023 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts We are pleased to present the latest issue of ESET Threat Report, which brings changes aimed at making its contents more engaging and accessible. One notable modification is our new approach to data presentation: rather than detailing all data changes within each detection category, our intention is to provide more in-depth…

Read More
12 Jul

Apple silently pulls its latest zero-day update – what now?

Information

by Paul Ducklin Betteridge’s Law of Headlines insists that any headline posed as a question can instantly be answered with a simple “No.” Apparently, the theory behind this witticism (it’s not actually a Law, nor yet a rule, nor even in fact anything more than a suggestion) is that if the author knew what they were talking about, and had real evidence to support their case, they’d have written the headline as an undiluted fact.…

Read More
12 Jul

CISA and FBI Release Cybersecurity Advisory on Enhanced Monitoring to Detect APT Activity Targeting Outlook Online

Attacks, Insights, Malware

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory (CSA), Enhanced Monitoring to Detect APT Activity Targeting Outlook Online, to provide guidance to agencies and critical infrastructure organizations on enhancing monitoring in Microsoft Exchange Online environments.  In June 2023, a Federal Civilian Executive Branch (FCEB) agency observed unexpected events in Microsoft 365 (M365) audit logs. After reporting the incident to Microsoft, network defenders deemed the…

Read More